Published: 05/01/2009 Updated: 29/09/2017

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

VMScore: 265

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Constructr CMS 3.02.5 and previous versions stores passwords in cleartext in a MySQL database, which allows context-dependent malicious users to obtain sensitive information by reading the hash column.

Vulnerable Product	Search on Vulmon	Subscribe to Product
constructr constructr-cms 3.02.2
constructr constructr-cms 3.02.1
constructr constructr-cms 3.01.4
constructr constructr-cms 3.01.3
constructr constructr-cms 3.01.2
constructr constructr-cms 3.02.4
constructr constructr-cms 3.02.3
constructr constructr-cms 3.01.6
constructr constructr-cms 3.01.5
constructr constructr-cms 3.00.0
constructr constructr-cms
constructr constructr-cms 3.01.8
constructr constructr-cms 3.01.7
constructr constructr-cms 3.00.2
constructr constructr-cms 3.00.1
constructr constructr-cms 3.02.0
constructr constructr-cms 3.01.9
constructr constructr-cms 3.01.1
constructr constructr-cms 3.01.0

Constructr CMS constructr-cmsorg/ - <= 3025 "Stable" - magic_quotes_gpc = Off register_globals = On - Directory Traversal - Source Disclosure - Arbitrary File Creation - Etc Etc Etc - site/constructr/backend/templatephp?edit_file= Db info: /config/configincphp - SQL - site/constructr/?show_page= User (urlencod ...

CWE-255 http://securityreason.com/securityalert/4868 https://www.exploit-db.com/exploits/7529 https://nvd.nist.gov https://www.exploit-db.com/exploits/7529/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-5847

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect